RMTWeb

View Original

Discovering vulnerabilities

We had yet another brilliant evening of programming club last night at the ISArc offices near the Giants Causeway. We learned about common web-based systems attacks and how to counter them in our code. There were many tools to discover open ports, but perhaps none so interesting as mmap.

NMap

NMap is described as a security scanner, and it does exactly that - allowing you to scan your servers to find out what ports are open and then remedy the situation. Ideally a web server will only return port 80 being open.Download NMap for Windows or Mac or LinuxOnce you have downloaded and installed NMap on your Mac, simply open terminal (using another handy shortcut that I learned last night, pressing command and space to open spotlight and then type terminal and press enter)In terminal, you then type: nmap -v ipaddressObviously for security reasons I cant show you our results, but needless to say we found a few ports open that should not have been open (we were looking for only 2 ports open, 80 and 443 ideally), though discovered that the strange ports up near the 50000 range were actually for the dropbox services, so not a major panic after all.If you know of other tools, or can add details on the Windows way of using NMap, please do comment!